Volatility problem extract SAM data

General (Technical, Procedural, Software, Hardware etc.)

Last Post by sisyphus 4 years ago

2 Posts

2 Users

0 Reactions

2,247 Views

RSS

Zorgon

(@zorgon)

New Member

Joined: 4 years ago

Posts: 1

Topic starter 25/03/2021 11:55 am

Hi ;
is there any other way to extract SAM information from Windows 10, because with Volatility; the extract command doesn't give anything, and the full registry dump is not usable regarding the SAM part.
Question do you have a tool or an approach to explore?

Quote

sisyphus

(@sisyphus)

New Member

Joined: 5 years ago

Posts: 4

30/03/2021 2:27 pm

Your question seems vague to me. Are you wanting to extract the SAM hive from Windows or just extract data from the SAM hive?

Either way, you can always extract the SAM hive via cmd with admin rights "reg save hklm\sam x:\sam"

If you want to examine the SAM hive data, you can look for Registry Explorer or other free tools by Eric Zimmerman.

A cursory online search will offer you many more gui or cmdline options to choose from.

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
237 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed